24
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Nov 2023
24 points (100.0% liked)
Programming
17314 readers
226 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS
Queues must stop accepting more work before they bring down the application.
If the customer wants to write too much data, start rejecting jobs.
Our database is actually pretty graceful. It just goes into stop writes status. You can still read any data and resolving the situation is as easy as scaling the cluster or removing old records. By no means is the database down or inoperable.
Essentially our database is working as designed. If we rate limited it further then we have less of a product to sell. The main feature we sell of our database technology is its IOPS and resiliency.
Further, this is just for a specific customer, it has no impact to any other customers or any sort of central orchestration. Generally speaking the stop writes status only ever impacts a single customer and their associated applications.
Also, customers can be very stingy with the clusters they are willing to buy. We actually are on poor terms of the couple of our customers who just refuse to scale and just expect us to magic their cluster into accepting more data than its sized for.
There is a fundamental rate limit based on cluster performance.
Your application is not aware of this limit, so it pretends to the client that there is no limit, then falls over.
Since you can’t make that number be infinity for your stingy customers, you need to send a rate limit exceeded error, even if you won’t admit to having an actual IOPS limit.
Surely there are cluster sizing guidelines you can point to once someone fills the queue?
"Your application" - the customers you mean. Our DB definitely does it's own rate limiting and it emits rate limit warnings and errors as well. I didn't say we advertised infinite IOPs that would be silly. We are totally aware of the scaling factors there and to date IOPs based scaling is rarely a Sev1 because of it. (Oh no p99 breached 8ms. Time to talk to Mr customer about scaling up soon)
The problem is that the resulting cluster is so performant that you could load in 100x the amount of data and not notice until the disk fills up. And since these are NVME drives on cloud infrastructure, they are $$$.
So usually what happens is that the customer fills up the disk arrays so fast that we can't scale the volumes/cluster fast enough to avoid stop-writes let alone get feedback from the customer in time. And now that's like the primary reason to get paged these days.
We generally catch gradual disk space increases from normal customer app usage. Those give us hours to respond and our alerts are well tuned. It's the "Mr. Customer launched a new app and didn't tell us, and now they've filled up the disks in 1 hour flat." that I'm complaining about.